Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Https....where do i start

  • 15-10-2009 1:14pm
    #1
    The Mighty Dubs
    Registered Users, Registered Users 2 Posts: 224 ✭✭


    Hi,

    I have developed a site and i was thinking of using https as an added security measure. I presume it does this?
    • How would i go about this.
    • Does anyone know any good reference links?


    Thanks


Comments

  • #2
    Black Swan
    Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    The Mighty Dubs wrote: »
    Does anyone know any good reference links?
    Verisign is one of the major CAs and has useful information on SSL protocol. See: http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/index.html

    You may want to also review TLS, which I believe is replacing the SSL protocol? See link: http://tools.ietf.org/html/rfc5246


  • #3
    probe
    Closed Accounts Posts: 2,055 ✭✭✭probe


    In most cases the use of TLS is automatic. If the server and browser can do TLS, it will happen automatically. If you go into virtually any https:// web server and view the certificate, chances are your connection will be shown as TLS for client and server.


  • #4
    probe
    Closed Accounts Posts: 2,055 ✭✭✭probe


    The Mighty Dubs wrote: »
    Hi,

    I have developed a site and i was thinking of using https as an added security measure. I presume it does this?
    • How would i go about this.
    • Does anyone know any good reference links?

    It depends on the server software. Are you hosting it yourself or using a hosting service?

    Try going into https://www.youraddress.com (ie use your own site's URL with https prefix)

    If you get an invalid certificate warning from your browser, you can accept the invalid certificate - ignoring the warnings, and you should get a secure connection to your website with padlock.

    If you have any buttons on your webpages, (eg to login), check that they don't break the secure connection (ie the padlock goes away).

    If everything is working - you just need to get a real certificate. Godaddy.com is probably the cheapest and easiest. The stature of the certificate issuer does not affect the technical security of the connection.

    If you want a deluxe looking "extended validation" certificate that creates a green bar at the top of the browser, this costs extra, and is difficult to get unless you have a US incorporated company with a D&B rating etc - typical American anti-foreigner insular "racism"! One might also call it an illegal restraint of trade.

    If you don't get an ssl connection by accepting the default certificate on the server, you will have to contact your hosting provider or consult their website about getting an SSL connection working.

    If you are having customers of your website log-in, it is best to force them to use complex passwords - eg min 10 character passwords with a mix of upper and lower case and numbers and $%& type characters.

    If you are using an online content management system like Drupal, you may have problems (eg the user gets dumped to an insecure connection after logging in). Hopefully the next version Drupal 7 will fix this when it comes out next year.

    Without knowing the environment you are working it - operating system, content management system, etc it is difficult to suggest anything else.


Advertisement